(54) Key management system for use with smart cards

(57) The present invention implements a key management system to preclude use of a smart card by a wrongful individual or unauthorized terminal by storing the security parameters in an encrypted file on the smart card. The key to the file (known as the file decryption key) is not stored on the card; instead it is generated and stored in a remote data center which is only accessible by an authorized user.
minal configured for reception of the smart card, which information terminal is configured to electronically communicate with a remote data center,

The remote data center is provided with a computer processor having a storage medium that includes a file decryption key capable of deciphering the variable encryption code embedded in the data file of the smart card. The data center is adapted to electronically transmit the file decryption key to the smart card when the smart card is received in the information terminal and the information terminal is electronically connected to the data center. After the file decryption key is transmitted to the smart card, the file decryption key deciphers the variable encryption code and enables the information terminal to access stored data in the at least one data file of the smart card. Upon termination of data access to the data file of the smart card, a new variable encryption code is embedded in the data file to preclude future unauthorized use of the smart card.

The above and other objects and advantages of the present invention will become more readily apparent upon consideration of the following detailed description of preferred embodiments, taken in conjunction with accompanying drawings, in which like reference characters refer to like parts throughout the drawings and in which:

Fig. 1 is a block diagram embodying one embodiment of the system of the present invention;

Fig. 2 is a flow chart depicting the method of use of the system of Fig. 1;

Fig. 3 is a block diagram depicting another preferred embodiment of the system of the present invention; and

Fig. 4 is a flow chart depicting the method of use of the system of Fig. 3.

In FIG. 1, there is shown generally at 10 one embodiment of an overall system in accordance with the invention. In the embodiment illustrated, the system 10 comprises a remote data center 12 and a data terminal 14 configured to receive a smart card 16. System 10 is operational to enable data terminal 14 to access data stored on smart card 16 after a successful verification process, via remote data center 12. As will be described further below, the verification process utilizes an encryption Key Management System, an example of which can be found in U.S. Pat. No. 5,390,251, assigned to the assignee of the present invention and which is incorporated by reference herein.

Smart card 16 is preferably a wallet-sized credit card that can hold diverse individual information. A vault microprocessor 18 is positioned on smart card 16, which microprocessor 18 includes associated software and memory storage, as is conventional. Vault microprocessor 18 also has associated with it an identification number 20 and a data file 24 having an embedded variable file encryption code 22. The identification number 20 is unique to card 16. As will be described in more detail below, the variable file encryption code 22 is a component of a Key Management System and is essentially a computer encryption scheme that prevents access to the data stored in the data file 24 of smart card 16 in the absence of the proper deciphering decryption scheme (the file decryption key 23). As will be described in more detail below, the file decryption key 23 is essentially an algorithm that decrypts (deciphers) the encryption scheme established by the embedded variable file encryption code 22, enabling electronic access to the data stored in the data file 24 of card 16.

In the illustrative embodiment of FIG. 1, smart card 16 is preferably implemented on an identification card, such as a driver's license, and has stored within its vault microprocessor 18 data (e.g., address, medical history, birthday, phone number, etc.) pertaining to the owner of the card 16. As is conventional, vault microprocessor 18 includes data terminals (not shown) for enabling electronic communication with a data terminal (not shown) provided in information terminal 14. It is to be appreciated that card 16 is not to be understood to be limited to a state's driver license as it may be implemented with any type of identification card, such as a Social Security card, employment identification card, etc. Furthermore, and as discussed further below, it is of course to be appreciated that card 16 is not to be understood to be limited to only the general personal information listed above but rather may include any type of suitable information thereon.

The information terminal 14 of system 10 is preferably a self-contained apparatus which will access the information stored on smart card 16. Information terminal 14 includes an input port 26 configured for reception of smart card 16. Input port 26 includes a data terminal (not shown) operative to electrically connect with the aforementioned data terminal of vault microprocessor 18. A microprocessor 28 is electrically connected to input port 26, which microprocessor 28 includes associated software and memory storage, as is conventional. Microprocessor 28 also has associated with it an identification number 30 which is used to identify information terminal 14 to remote data center 12, as discussed further below. Information terminal 14 preferably includes a video monitor 32 electrically connected to microprocessor 28, which monitor 32 may either be integrally provided on terminal 14 or externally connected thereto. Further, a conventional input device 34 (e.g., an ASCII keyboard) is electrically connected to microprocessor 28 for permitting a user to input data to microprocessor 28. As will be discussed further below, input device 34 enables a user to alter (e.g., update) the information stored in the data file 24 of smart card 16. Additionally, a conventional printer 36 may be electrically connected to microprocessor 28 for printing data from information terminal 14.

A modem 38 is provided in information terminal 14, 
transferred into smart card 16, access to the stored data 24 therein will continue until the user of information terminal 14 completes the information transaction with smart card 16, after which the new variable encryption code 22' is embedded (e.g., activated) into the data file 24. In other words, the new variable encryption code 22' remains in a dormant state until embedded into the data file 24.

The user of information terminal 14 is now able to access the data file 24 of smart card 16, via microprocessors 18 and 28 (step 128). The stored information of data file 24 can be displayed on monitor 32 and/or printed on printer 36, both of which are associated with information terminal 14 as described above. Additionally, system 10 may be adapted such that the user of information terminal 14 may alter the data file 24 of smart card 16. For instance, in the present exemplary embodiment, the stored medical history in data file 24 regarding the owner of card 16 may be changed to indicate the presence of a new medical ailment (e.g., high blood pressure).
After the terminal user has performed the desired transactions with the data file 24 of smart card 16, the user terminates the information transaction process with smart card 16 through appropriate input to the microprocessor 28 of the information terminal 14 (step 130), via input device 34. The microprocessor 28 of information terminal 14 then communicates with and instructs the vault microprocessor 18 of card 16 to terminate access to the data file 24 and to activate (e.g., embed) the new variable encryption code 22' to prevent future access to the data file 24 in the absence of its deciphering file encryption key 23' (step 132). Thus, in order to gain future access to the stored personal data 24 of card 16, repetition of the above-described process is required with regard to the new variable encryption code 22' and file decryption key 23'.

It is to be appreciated that the smart card key management system 10 of the present invention is particularly advantageous in that each time access is sought for the personal data stored on a smart card, a unique deciphering algorithm (file decryption key) is required, which algorithm is exclusively stored in a secure remote vendor data center. Additionally, the owner of the smart card need not choose or remember any passwords (e.g., a PIN number) to enable access to the data stored on the smart card. For example, when the owner of a smart card is admitted to a hospital in an unconscious condition, the user of the hospital information terminal needs only to insert the smart card into the terminal to gain access to the stored medical data while the above-mentioned security features are constantly maintained by the remote vendor data center.

Referring now to Fig. 3, an alternative embodiment of the smart card key management system is shown generally at 200. System 200 is substantially similar to system 10 (Fig. 1) with the exception being that it is adapted for use with a universal smart card 216. Essentially, wherein smart card 20 of system 10 contained only a single data file 24 (e.g., medical history), universal smart card 216 contains a plurality of data files, each preferably pertaining to a different category of personal data. For instance, in the exemplary embodiment of FIG. 3, smart card 216 contains four independent data files 224, 228, 232 and 236 respectively containing: medical history, credit history, academic history and employment history. Of course smart card 216 is not to be understood to be limited to only these four categories of data, but rather may incorporate any number of data files regarding numerous categories of information.

Embedded into each independent data file 224, 228, 232 and 236 is a respective variable encryption code 222, 226, 230 and 234. As described above, each aforementioned variable encryption code is a unique encryption algorithm that prevents access to the data file it is embedded within in the absence of the required deciphering file decryption key. For instance, if data access is required for the data file 228 regarding credit history, the unique file encryption key 227 for its embedded encryption code 226 is required. It is noted that this file decryption key 227 will only decipher variable encryption code 226 and will not decipher the other encryption codes (e.g., 222, 230, 234), nor will it decipher the new variable encryption code, which is to replace the present variable encryption code 226 regarding the credit history data file 228.

The operation of remote data center 212 is substantially similar to that of remote data center 12 (Fig. 1) with the difference being that in order to selectively choose the proper file decryption key (or keys) to be transferred to information terminal 214, the computer processor 242 of the remote data base 212 preferably includes a master key database 243 (e.g., a look-up table) for each smart card 216, with each master key database 243 preferably containing each variable file encryption code 222, 226, ... 234 as well as its associated file decryption key 223, 227, ... 231 for each smart card 216 of the system 200.

Regarding the information terminal 214 of system 200, its operation is similar to that of the information terminal 14 of system 10 (Fig. 1) with the exception being that it may be authorized by remote data center 212 to receive a file decryption key 223, 227, ... 231 for more than one variable file encryption code 222, 226, ... 234. That is, information terminal 214 or a user of information terminal 214, may be authorized to access more than one personal data file 224, 228, ... 236 provided on a smart card 216.
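The multi-file flow of system 200 described above (master key database 243 per card, per-terminal authorization for a subset of files, and re-embedding of a new code when access terminates), as an added Python simulation that is not the patent's own code. The cipher, the identifiers ("card-216", "hospital-214") and the file names are constructed stand-ins for the encryption scheme the patent leaves unspecified.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, n: int) -> bytes:
    # SHA-256 counter-mode keystream: a stdlib-only toy stand-in (constructed) for the patent's unspecified encryption code.
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, data: bytes) -> bytes:
    # Embed the code: ciphertext prefixed by an HMAC tag that only the matching key verifies.
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return hmac.new(key, ct, "sha256").digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise PermissionError("key does not decipher this file's encryption code")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

class DataCenter:  # remote data center 212
    def __init__(self):
        self.master_keys = {}  # card_id -> {file: key}: master key database 243
        self.authorized = {}   # terminal_id -> set of files it may receive keys for

    def enroll_card(self, card_id, files):
        self.master_keys[card_id] = {f: secrets.token_bytes(32) for f in files}
        return dict(self.master_keys[card_id])  # used once to seal the card's files

    def request_keys(self, terminal_id, card_id):
        # Both identification numbers are validated before any key is released,
        # and only keys for files this terminal is authorized for are sent.
        if terminal_id not in self.authorized or card_id not in self.master_keys:
            raise PermissionError("terminal or card identification not validated")
        allowed = self.authorized[terminal_id]
        return {f: k for f, k in self.master_keys[card_id].items() if f in allowed}

    def rotate(self, card_id, fname):
        # Assign the new encryption code; its decryption key is stored only here.
        self.master_keys[card_id][fname] = secrets.token_bytes(32)
        return self.master_keys[card_id][fname]

class SmartCard:  # universal smart card 216: holds sealed files, never keys
    def __init__(self, card_id, keys, plaintexts):
        self.card_id = card_id
        self.files = {f: seal(keys[f], plaintexts[f]) for f in plaintexts}

def session(center, terminal_id, card, fname, update=None):
    """One transaction: fetch keys, read (optionally alter) a file, re-embed it."""
    keys = center.request_keys(terminal_id, card.card_id)
    if fname not in keys:
        raise PermissionError(f"terminal {terminal_id} not authorized for {fname}")
    data = unseal(keys[fname], card.files[fname])
    if update is not None:
        data = update
    card.files[fname] = seal(center.rotate(card.card_id, fname), data)
    return data
```

After each session the key the terminal received is useless against the re-embedded file, and a key for one file never opens another, which is the property the text ascribes to codes 222, 226, 230 and 234.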

Referring to Fig. 4 in conjunction with Fig. 3, the method of use of system 200 will now be described. Steps 300 to 316 are to be understood to be substantially identical to steps 100 to 116 of Fig. 2, thus the above discussion relating thereto is to be incorporated herein. At step 318, when the remote data center 212 receives the identification number 283 of information terminal 214 a determination is made as to how many and which
files in the smart card wherein each first variable encryption code is unique relative to one another;

an information terminal configured for reception of the smart card; and

a data center remote from the information terminal and configured to electronically connect with the information terminal, the data center including a master key database having a plurality of file decryption keys, each file decryption key capable of deciphering one of the first variable encryption codes embedded in a respective data file of the smart card, whereby the data center is configured to electronically transmit at least one of the file decryption keys to the smart card when the smart card is received in the information terminal and the information terminal is electronically connected to the data center, whereby the at least one file decryption key enables the information terminal to access data stored in one of the plurality of data files of the smart card.

5. A system as recited in claim 4, wherein the data center is adapted to assign another variable encryption code and deciphering file decryption key for each data file and to transmit the another encryption code to the information terminal so as to be embedded into an accessed data file of the smart card.

6. A system as recited in claim 4 or 5, wherein the microprocessor of the information terminal includes a storage medium having an identification number that identifies the information terminal to the data center when the data center is electronically connected to the information terminal.

7. A system as recited in claim 6, wherein the storage medium of the smart card includes an identification number that identifies the smart card to the data center when the smart card is received in the information terminal and the information terminal is electronically connected to the data center.


8. A system as recited in claim 7, wherein the data center is configured to authorize electronic transmission to the information terminal upon authentication of the identification number of each of the information terminal and smart card.

9. A method for securing and retrieving data from a smart card, the method comprising the steps of:

providing a data center having a computer processor and a storage medium;

providing an information terminal remote from the data center and adapted to electrically connect to the data center and being configured for reception of the smart card;

providing the smart card with at least one data file;

embedding an encryption code in the at least one data file;

providing the data center with a decryption key that deciphers the encryption code embedded in the at least one data file;

transmitting the decryption key from the data center to the information terminal to decipher the encryption code embedded in the smart card;

accessing data from the data file of the smart card after the encryption code has been deciphered by the file decryption key;

embedding a new encryption code in the data file of the smart card upon termination of data access to the data file; and

storing a new deciphering decryption key for the new encryption code in the data center.

10. A method for securing and retrieving data from a smart card as recited in claim 9, further including the steps of:

providing the information terminal with a storage medium, the information terminal storage medium having a terminal identification number;

providing the smart card with a storage medium, the card storage medium having a card identification number;

transmitting the identification numbers of the information terminal and smart card to the data center;

determining in the data center if the terminal and card identification numbers are valid; and

transmitting the decryption key from the data center to the information terminal upon the validation of the terminal and card identification numbers.

11. A method for securing and retrieving data from a smart card as recited in claim 9 or 10, further including the steps of:

providing the smart card with a plurality of data files; and

embedding a first encryption code in each one of the data files, wherein each first encryption code is unique relative to one another.

12. A method for securing and retrieving data from a smart card as recited in claim 11, further including the steps of:

providing a master key database in the data center that includes a deciphering decryption key for each one of the first encryption codes;

selectively transmitting at least one decryption

accessed one of a plurality of data files.